Follow me:

WPA3-Enterprise Part 2

Wi-Fi Alliance defines three modes of operations for WPA3-Enterprise:

  • WPA3-Enterprise only
  • WPA3-Enterprise transition mode
  • WPA3-Enterprise 192-bit mode

This Episode is sponsored by WiFi Scanner

Download your trial today at WiFiScanner.com

Specifications

WPA3-Enterprise Only

Here are the important specifications:

  • An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256)
  • An AP and STA shall not allow AKM suite 00-0F-AC:1 (IEEE 802.1X with SHA-1)
  • An AP and STA would support & use MFP
  • a STA shall not enable WEP and TKIP

WPA3-Enterprise Transition

Here are the important specifications:

  • An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256) and 00-0F-AC:1 (IEEE 802.1X with SHA-1)
  • An AP and STA must support MFP

WPA3-Enterprise 192-bit

Here are the important specifications:

  • PMF must be required by both the AP and STA
  • Limited set of EAP cipher suites are allowed:
    • TLS ECDHE ECDSA with AES 256 GCM SHA384
    • TLS ECDHE RSA with AES 256 GCM SHA384
    • TLS DHE RSA with AES 256 GCM SHA384
Beacon Frames

WPA3-Enterprise Only

WPA3-Enterprise Transition

Comparison between WPA3-Enterprise and WPA3-Enterprise Transition mode:

Resources

Hosted by
Mark Nemiz
Join the discussion

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this show

Episode 320